npm Blog (Archive)

Legal Stuff

At long last, we’ve consolidated a bunch of the various practices and policies of the npm registry and website into a single place.

If you simply can’t wait to dive into our policy documentation, you can go check it out at

Abuse, Conduct, and Safety

The biggest motivation for me personally in this effort was to make npm’s abuse and conduct policies extremely explicit.

While the danger is a lot less for an online service than an in-person conference, any boundary where humans interact is liable to become a breeding ground for hostility. npm has succeeded as well as it has as an open source community largely because the Node community does not tolerate bad behavior, whether on IRC or at conferences.

As they grow, online communities need more hands to keep things running smoothly. Larger groups find it much more difficult to stay in sync regarding acceptable behavior. Well-meaning administrators can start to question their instincts, making it more difficult to do the right thing, or get burnt out trying to solve the same problems over and over again without clear support or direction.

We retained the services of Ashe Dryden, a very capable diversity and online-abuse consultant. Her input on this project was extremely valuable, and will continue to benefit the npm community for years to come, I’m sure. If you are interested in improving diversity in your company, or building a successful and healthy community, I’d highly recommend getting her input.

The tl;dr on npm’s code of conduct: We don’t tolerate abuse, so don’t do it.

Trademark, Privacy, License

For this stuff, we mostly relied on the input from our very capable lawyers at Carr & Ferrell.

The npm Trademark Policy is relatively liberal, but does meet the legal requirements of owning a trademark in the United States. If you’d like to use the npm name or mark in a product or service or anything else that seems to be not allowed by the trademark policy, just ask us and we’ll do our best to oblige.

The privacy policy covers what we track in our logs. As a company, we try to be as transparent and un-creepy as possible, while also tracking enough data to make npm better.

As a Real Legit Corporation, npm, Inc. has a legal obligation to do this kind of stuff, so as boring as it is, it’s good to have it done :)

Track the Changes

The policies are all stored in a git repository at If you would like to track changes, report issues, or suggest changes, you know what to do!